details about inserting and sniffing packets by Packetdrill


Wei Sun

Apr 16, 2014, 2:58:55 AM
to packe...@googlegroups.com

Hi all,

I am a beginner with Packetdrill and want to know the details about inserting and sniffing packets by Packetdrill. I used a lot of commands such as tcpdump, netstat, ss to figure it out.
I could only figure out the information below when there is a detection error for Packetdrill, otherwise nothing:
State           Recv-Q Send-Q        Local Address:Port                 Peer Address:Port
FIN-WAIT-1     0           4001        192.168.0.1:http-alt                  192.0.2.1:59157

Could you please tell me how Packetdrill inserts and sniffs the packets (i.e. which network interface, which port, etc.)? Or how to observe the packet flow with tcpdump or another tool (i.e. or just the packet flow inside the kernel, which cannot be observed by a tool such as tcpdump)?

From the paper, I know it uses the tun device to insert the packet and sniff packet by socket. 

But one of my Linux systems without a tun device could also run packetdrill successfully. Does Packetdrill implicitly run a tun device only for the time when the script is executed?
Is it too fast to observe the appearance and behavior of the tun device?

Any comment is appreciated. 

Thanks a lot !

Neal Cardwell

Apr 16, 2014, 1:43:59 PM
to Wei Sun, packe...@googlegroups.com
On Wed, Apr 16, 2014 at 2:58 AM, Wei Sun <sunwe...@gmail.com> wrote:
>
> Hi all,
>
> I am a beginner with Packetdrill and want to know the details about inserting
> and sniffing packets by Packetdrill. I used a lot of commands such as tcpdump,
> netstat, ss to figure it out.
> I could only figure out the information below when there is a detection error
> for Packetdrill, otherwise nothing:
> State Recv-Q Send-Q Local Address:Port Peer
> Address:Port
> FIN-WAIT-1 0 4001 192.168.0.1:http-alt
> 192.0.2.1:59157
>
> Could you please tell me how Packetdrill inserts and sniffs the
> packets (i.e. which network interface, which port, etc.)?

packetdrill uses a tun device in local mode, or your NIC device in
remote mode (whatever NIC you specify in --wire_client_dev or
--wire_server_dev; the default is "eth0").

packetdrill uses a TCP port given by --bind_port or --connect_port -
depending on whether your script is using bind() or connect(). The
default is port 8080. You can also set the remote and local IPs with
--remote_ip or --local_ip.

You can run ./packetdrill without any parameters to get help, or read
config.c to get a sense of the parameters that are available.

> Or how to observe
> the packet flow with tcpdump or another tool (i.e. or just the packet flow inside
> the kernel, which cannot be observed by a tool such as tcpdump)?

On Linux you can watch the traffic with:

tcpdump -n -i any port 8080 &

> From the paper, I know it uses the tun device to insert the packet and sniff
> packet by socket.

Yes.

> But one of my Linux systems without a tun device could also run packetdrill
> successfully. Does Packetdrill implicitly run a tun device only for the
> time when the script is executed?

Yes.

> Is it too fast to observe the appearance and behavior of the tun device?

If you add a sleep in your script you can watch it:

+0 `sleep 300`

Or you can dump the interface yourself in your script:

+0 `ifconfig -a`

> Any comment is appreciated.

Hope that helps!

neal

Wei Sun

Apr 16, 2014, 10:01:43 PM
to Neal Cardwell, packe...@googlegroups.com
Thanks a lot. Now I can observe the packet flow underlying Packetdrill :) 

TCP randomly generates the initial sequence number, thus packetdrill needs to translate the live packet to its script equivalent. 

How do you overcome the randomness for comparing actual packet with a "static" script? 

Which source file in the folder is responsible for the comparison ?

Thanks a lot. 
--
Best Regards,
Wei 


Neal Cardwell

Apr 17, 2014, 1:52:36 PM
to Wei Sun, packe...@googlegroups.com
On Wed, Apr 16, 2014 at 10:01 PM, Wei Sun <sunwe...@gmail.com> wrote:
> Thanks a lot. Now I can observe the packet flow underlying Packetdrill :)
>
> TCP randomly generates the initial sequence number, thus packetdrill needs
> to translate the live packet to its script equivalent.
>
> How do you overcome the randomness for comparing actual packet with a
> "static" script?

Section 3.1 of the USENIX packetdrill paper describes the approach at
a high level.

> Which source file in the folder is responsible for the comparison ?

Grep for live.local_isn in run_packet.c and socket.h.

neal
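
The translation asked about in the exchange above, as an added example that is not part of the thread and not packetdrill's source: each ISN is recorded once and every later sequence or ACK number is compared as an offset from it. The struct and function names are hypothetical; only the idea of tracking a live local ISN (live.local_isn) comes from the thread.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical state, not packetdrill's layout: ISNs as scripted vs. on the wire. */
struct isn_map {
    uint32_t script_local_isn, live_local_isn;   /* kernel under test */
    uint32_t script_remote_isn, live_remote_isn; /* injected peer */
    bool have_local_isn;
};

/* Learn the kernel's random ISN from its first SYN or SYN/ACK only. */
static void learn_local_isn(struct isn_map *m, uint32_t live_seq, bool syn)
{
    if (syn && !m->have_local_isn) {
        m->live_local_isn = live_seq;
        m->have_local_isn = true;
    }
}

/* Sniffed kernel packet -> script space, for comparison with the script.
 * uint32_t arithmetic wraps mod 2^32, the same as TCP sequence space. */
static void live_to_script(const struct isn_map *m, uint32_t live_seq,
                           uint32_t live_ack, uint32_t *seq, uint32_t *ack)
{
    *seq = live_seq - m->live_local_isn + m->script_local_isn;
    *ack = live_ack - m->live_remote_isn + m->script_remote_isn;
}

/* Script packet about to be injected -> live space: its ACK field has to
 * acknowledge the kernel's real sequence numbers. */
static uint32_t script_ack_to_live(const struct isn_map *m, uint32_t script_ack)
{
    return script_ack - m->script_local_isn + m->live_local_isn;
}

int main(void)
{
    struct isn_map m = {0};   /* constructed: script uses ISN 0 on both sides */
    uint32_t seq, ack;
    /* Constructed trace: kernel SYN/ACK with ISN 0xfffffff0, ack 1. */
    learn_local_isn(&m, 0xfffffff0u, true);
    live_to_script(&m, 0xfffffff0u, 1, &seq, &ack);
    printf("SYN/ACK in script space: seq %u ack %u\n", (unsigned)seq, (unsigned)ack);
    /* Kernel data 33 bytes into the stream; live seq has wrapped to 0x11. */
    live_to_script(&m, 0x11u, 1, &seq, &ack);
    printf("data: script seq %u; script ack 33 -> live ack 0x%x\n",
           (unsigned)seq, (unsigned)script_ack_to_live(&m, 33));
    return 0;
}
```
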

Wei Sun

Jun 12, 2014, 11:45:51 PM
to packe...@googlegroups.com, sunwe...@gmail.com
Hi Neal,

Sorry to bother you again. I just wonder if I can make packetdrill use a NIC device (e.g. eth0) instead of the tun device in local mode, as I want to test a special NIC.

If so, how can I make it?  

Thanks !  

Neal Cardwell

Jun 13, 2014, 12:02:35 PM
to Wei Sun, packe...@googlegroups.com
On Thu, Jun 12, 2014 at 11:45 PM, Wei Sun <sunwe...@gmail.com> wrote:
> Hi Neal,
>
> Sorry to bother you again. I just wonder if I can make packetdrill use
> a NIC device (e.g. eth0) instead of the tun device in local mode, as I want to test
> a special NIC.
>
> If so, how can I make it?
>
> Thanks !

It would take a big overhaul to shoehorn this kind of testing into
packetdrill's local mode. I don't have cycles to enumerate all the
steps that would take.

I recommend using remote mode if you want to use packetdrill to test a NIC.

This article has a quick tutorial on remote mode (see p. 50):

http://static.googleusercontent.com/media/research.google.com/en/us/pubs/archive/41848.pdf

neal